Download Introduction - The University of Texas at Dallas

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
Document related concepts
no text concepts found
Transcript 
Cyber Security Essentials
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Introduction to the Course
May 29, 2015
Text Book
 CISSP All-in-One Exam Guide, Sixth Edition
 Author: Shon Harris
 Publisher: McGraw-Hill Osborne Media; 6th edition
 Language: English
Course Rules
 Unless special permission is obtained from the instructor, each
student will work individually.
 Copying material from other sources will not be permitted unless the
source is properly referenced.
 Any student who plagiarizes from other sources will be reported to
the Computer Science department and any other committees as
advised by the department
 No copying of anything from a paper except for about 10 words in
quotes. No copying of figure even if it is attributed. You have to draw
all figures.
 Course Attendance is Mandatory unless prior permission is obtained
Course Plan
 Exam #1: 20 points – July 10
 Exam #2: 20 points - August 7??
 Two term papers 10 points each: Total 20 points
- June 26, July 24
 Programming project : 20 points
- July 31
 Two Assignments: 10 points each: Total: 20 points
- June 19, July 17
Assignment #1
 Explain with examples the following
- Discretionary access control
- Mandatory access control
- Role-based access control (RBAC)
- Privacy aware role based access control
- Temporal role based access control
- Risk aware role-based access control
- Attribute-based access control
- Usage control (UCON)
Assignment #2
 Suppose you are give the assignment of the Chief Security Officer of
a major bank (e.g., Bank of America) or a Major hospital (e.g.,
Massachusetts General)
 Discuss the steps you need to take with respect to the following (you
need to keep the following in mining: Confidentiality, Integrity and
Availability;; you also need to understand the requirements of
banking or healthcare applications and the policies may be:
- Information classification
- Risk analysis
- Secure networks
- Secure data management
- Secure applications
Term Papers
 Write two papers on any topic discussed in class (that is, any of the
10 CISSP modules)
Sample format - 1
 Abstract
 Introduction
 Survey topics – e..g, access control models
 Analysis (compare the models)
 Future Directions
 References
Sample format - 2
 Abstract
 Introduction
 Literature survey and what are the limitations
 Your own approach and why it is better
 Future Directions
 References
Project
 Software
 Design document
- Project description
- Architecture (prefer with a picture) and description (software –
e.g., Oracle, Jena etc.)
- Results
- Analysis
- Potential improvements
- References
Sample projects
 Risk analysis tool
 Query modification for XACML
 Data mining tool for malware
 Trust management system
    -
Paper: Original – you can use material from
sources, reword (redraw) and give reference
 Abstract
 Introduction
 Body of the paper
- Comparing different approaches and analyzing
- Discuss your approach,
- Survey
 Conclusions
 References
- ([1]. [2], - - -[THUR99].
- Embed the reference also within the text.
- E.g., Tim Berners Lee has defined the semantic web to be -[2].
--
Contact
 For more information please contact
- Dr. Bhavani Thuraisingham
- Professor of Computer Science and
- Director of Cyber Security Research Center Erik Jonsson School
of Engineering and Computer Science EC31, The University of
Texas at Dallas Richardson, TX 75080
- Phone: 972-883-4738
- Fax: 972-883-2399
- Email: [email protected]
- URL:
- http://www.utdallas.edu/~bxt043000/
Index to Lectures for Exam #2
Lecture #3: Data Mining for Malware Detection
Lecture #7: Digital Forensics
Lecture #8: Privacy
Lecture #11: Access Control in Data Management Systems
Lecture #13: Secure Data Architectures
Lecture #20: Introduction to SOA, Secure SOA, Secure Cloud
Lecture #21: Secure Cloud Computing (some duplication with Lecture #20)
Lecture #22: Comprehensive Overview of Cloud Computing
Lecture #23: Secure Publication of XML Documents in the Cloud
Lecture #24: Cloud-based Assured Information Sharing
Lecture #25: Secure Social Media
 Also read the paper Managing Multi-Jurisdictional Requirements in the
Cloud: Towards a Computational Legal Landscape, David Gordon and Travis
Breaux; ACM CCS Cloud Security Workshop 2011
Papers to Read for Exam #2
 Managing Multi-Jurisdictional Requirements in the Cloud: Towards a
Computational Legal Landscape, David Gordon and Travis Breaux; ACM CCS
Cloud Security Workshop 2011
 Access Control in Data Management Systems (Lecture #11)
-
Suggested Papers
-
RBAC: Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, Charles E. Youman:
Role-Based Access Control Models. IEEE Computer 29(2): 38-47 (1996)
UCON: Jaehong Park, Ravi S. Sandhu: The UCONABC usage control model. ACM
Trans. Inf. Syst. Secur. 7(1): 128-174 (2004) - first 20 pages
DCON: Roshan K. Thomas, Ravi S. Sandhu: Towards a Multi-dimensional
Characterization of Dissemination Control. POLICY 2004: 197-200 (IEEE)
-
 Privacy (Lecture #8)
-
Suggested papers
-
Rakesh Agrawal, Ramakrishnan Srikant: Privacy-Preserving Data Mining. SIGMOD
Conference 2000: 439-450
Papers to Read for Exam #2
 Data Mining for Malware Detection (Lecture #3)
-
Suggested Papers
-
Mohammad M. Masud, Latifur Khan, Bhavani M. Thuraisingham: A Hybrid Model to
Detect Malicious Executables. ICC 2007: 1443-1448
 Secure Third Part Publication of XML Data in the Cloud (Lecture #23)
-
Suggested Papers
-
Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar
Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE
Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004) (first 6 sections, proofs not
needed for exam)
 Cloud-basd Assured Information Sharing (Lecture #24)
-
Suggested Papers
-
Tyrone Cadenhead, Vaibhav Khadilkar, Murat Kantarcioglu, Bhavani M.
Thuraisingham: A cloud-based RDF policy engine for assured information sharing.
SACMAT 2012: 113-116
Papers to Read for Exam #2
 Secure Social Media (Lecture #25)
-
Suggested Papers
-
Barbara Carminati, Elena Ferrari, Raymond Heatherly, Murat Kantarcioglu, Bhavani
M. Thuraisingham: A semantic web based framework for social network access
control. SACMAT 2009: 177-186
-
Jack Lindamood, Raymond Heatherly, Murat Kantarcioglu, Bhavani M.
Thuraisingham: Inferring private information using social network data. WWW
2009: 1145-1146
Papers to Read for Presentations: CODASPY
2011
Lei Jin, Hassan Takabi, James B. D. Joshi: Towards active detection of identity
clone attacks on online social networks. 27-38 (Sachin)
Philip W. L. Fong: Relationship-based access control: protection model and policy
language. 191-202
Mohammad Jafari, Philip W. L. Fong, Reihaneh Safavi-Naini, Ken Barker, Nicholas
Paul Sheppard: Towards defining semantic foundations for purpose-based privacy
policies. 213-224 (Jane)
Igor Bilogrevic, Murtuza Jadliwala, Jean-Pierre Hubaux, Imad Aad, Valtteri Niemi:
Privacy-preserving activity scheduling on mobile devices. 261-272
Barbara Carminati, Elena Ferrari, Sandro Morasca, Davide Taibi: A probabilitybased approach to modeling the risk of unauthorized propagation of information in
on-line social networks. 51-62 (Chitra)
Papers to Read for Presentations: CODASPY
2012
 Yuhao Yang, Jonathan Lutes, Fengjun Li, Bo Luo, Peng Liu: Stalking online:
on user privacy in social networks. 37-48 (Jason)
 Suhendry Effendy, Roland H. C. Yap, Felix Halim: Revisiting link privacy in
social networks. 61-70 (Kruthika)
 Ninghui Li, Haining Chen, Elisa Bertino: On practical specification and
enforcement of obligations. 71-82 (Ankita)
 Ian Molloy, Luke Dickens, Charles Morisset, Pau-Chen Cheng, Jorge Lobo,
Alessandra Russo: Risk-based security decisions under uncertainty. 157-168
(Navya)
 Musheer Ahmed, Mustaque Ahamad: Protecting health information on mobile
devices. 229-240 (Ajay)
Papers to Read for Presentations: CODASPY
2013
 Sanae Rosen, Zhiyun Qian, Zhuoqing Morley Mao: AppProfiler: a flexible
method of exposing privacy-related behavior in android applications to end
users. 221-232 (Akshay)
 Rimma V. Nehme, Hyo-Sang Lim, Elisa Bertino: FENCE: continuous access
control enforcement in dynamic data stream environments. 243-254
 Wei Wei, Ting Yu, Rui Xue: iBigTable: practical data integrity for bigtable in
public cloud. 341-352 (Ashwin)
 Majid Arianezhad, L. Jean Camp, Timothy Kelley, Douglas Stebila:
Comparative eye tracking of experts and novices in web single sign-on. 105116
Papers to Read for Presentations: CODASPY
2014
 William C. Garrison III, Yechen Qiao, Adam J. Lee: On the suitability of
dissemination-centric access control systems for group-centric sharing. 1-12
(Pratyusha)
 Ebrahim Tarameshloo, Philip W. L. Fong, Payman Mohassel: On protection in
federated social computing systems. 75-86 (Aishwarya)
 Michael Mitchell, Guanyu Tian, Zhi Wang: Systematic audit of third-party
android phones. 175-186
 Tien Tuan Anh Dinh, Anwitaman Datta: Streamforce: outsourcing access
control enforcement for stream data to the clouds. 13-24 (Arpita)
 Mohammad Saiful Islam, Mehmet Kuzu, Murat Kantarcioglu: Inference attack
against encrypted range queries on outsourced databases. 235-246
Papers to Read for Presentations – ACM CCS
Cloud Security Workshop 2011
 All Your Clouds are Belong to us - Security Analysis of Cloud Management
Interfaces
Juraj Somorovsky, Mario Heiderich, Meiko Jensen, Joerg Schwenk, Nils
Gruschka and Luigi Lo Iacono (Kirupa)
 Trusted Platform-as-a-Service: A Foundation for Trustworthy Cloud-Hosted
Applications
Andrew Brown and Jeff Chase (Rohit)
 Detecting Fraudulent Use of Cloud Resources
Joseph Idziorek, Mark Tannian and Doug Jacobson
Papers to Read for Presentations – ACM CCS
Cloud Security Workshop 2012
 Fast Dynamic Extracted Honeypots in Cloud Computing
Sebastian Biedermann, Martin Mink, Stefan Katzenbeisser (Anirudh)
 Unity: Secure and Durable Personal Cloud Storage
Beom Heyn Kim, Wei Huang, David Lie
 Exploiting Split Browsers for Efficiently Protecting User Data
Angeliki Zavou, Elias Athanasopoulos, Georgios Portokalidis, Angelos
Keromytis (Rahul)
 CloudFilter: Practical Control of Sensitive Data Propagation to the Cloud
Ioannis Papagiannis, Peter Pietzuch
Papers to Read for Presentations – ACM CCS
Cloud Security Workshop 2013
 Structural Cloud Audits that Protect Private Information
Hongda Xiao; Bryan Ford; Joan Feigenbaum
 Cloudoscopy: Services Discovery and Topology Mapping
Amir Herzberg; Haya Shulman; Johanna Ullrich; Edgar Weippl (Ahmed)
 Cloudsweeper: Enabling Data-Centric Document Management for Secure
Cloud Archives
Chris Kanich; Peter Snyder (Greeshma)
 Supporting Complex Queries and Access Policies for Multi-user Encrypted
Databases
Muhammad Rizwan Asghar; Giovanni Russello; Bruno Crispo
Papers to Read for Presentations – ACM CCS
Cloud Security Workshop 2014
 CloudSafetyNet: Detecting Data Leakage between Cloud Tenants
Christian Priebe; Divya Muthukumaran; Dan O'Keeffe; David Eyers; Brian
Shand; Ruediger Kapitza; Peter Pietzuch (Sowmaya)
 Reconciling End-to-End Confidentiality and Data Reduction In Cloud Storage,
Nathalie Baracaldo; Elli Androulaki; Joseph Glider; Alessandro Sorniotti
 A Framework for Outsourcing of Secure Computation
Jesper Buus Nielsen; Claudio Orlandi (Ajay)
 Guardians of the Clouds: When Identity Providers Fail
Andreas Mayer; Marcus Niemietz; Vladislav Mladenov; Joerg Schwenk
(Viswesh)
 Your Software at my Service
Vladislav Mladenov, Christian Mainka; Florian Feldmann; Julian Krautwald;
Joerg Schwenk
Related documents
Example: Data Mining for the NBA - The University of Texas at Dallas
Example: Data Mining for the NBA - The University of Texas at Dallas
Water in the Air - Earth Science With Mrs. Locke
Water in the Air - Earth Science With Mrs. Locke
ASTR2050 Introduction to Astronomy and Astrophysics Studio lab April 1, 2005
ASTR2050 Introduction to Astronomy and Astrophysics Studio lab April 1, 2005
I am a tornado - Santee School District
I am a tornado - Santee School District
1 - OnCourse
1 - OnCourse
Operating System Research Worksheet
Operating System Research Worksheet
Meteorology Study Guide
Meteorology Study Guide
Clouds- Lesson 3
Clouds- Lesson 3
Why is the sky blue? - Pennsylvania Sea Grant
Why is the sky blue? - Pennsylvania Sea Grant
FinalExamSpring2005
FinalExamSpring2005
Legal issues in cloud computing
Legal issues in cloud computing
Formation of the Solar System
Formation of the Solar System
Solar System Formation - The Solar Nebula Theory
Solar System Formation - The Solar Nebula Theory
Document
Document
Introduction - The University of Texas at Dallas
Introduction - The University of Texas at Dallas
Introduction - The University of Texas at Dallas
Introduction - The University of Texas at Dallas
cloud computing
cloud computing